Security Bulletin

January 2019 Code Aurora Security Bulletin

January 7, 2019

Version 1.0

This document describes security vulnerabilities that were addressed through software changes. Source code patches for these issues have been released to the Code Aurora Forum (CAF) and are linked from this bulletin. These changes are applicable to, but not limited to, Android for MSM (all Android releases from CAF using the Linux kernel), Firefox OS for MSM, and QRD Android projects. Customers were previously notified of the issues described in this bulletin. Each of the vulnerabilities has an associated security rating. A description of these ratings using v 1.2 of the ratings scheme can be found at the following link.

Please reach out to security-advisory@quicinc.com for any questions related to this bulletin.

Announcements

None.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2018-12006, CVE-2018-12010, CVE-2018-12011, CVE-2018-13893: Reported to us through the Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information.

Table of vulnerabilities

| Public ID | Security Rating | Technology Area | Date Reported |
|---|---|---|---|
| CVE-2018-12006 | Medium | Display | 5/16/2018 |
| CVE-2018-11962 | High | Audio | Internal |
| CVE-2018-12010 | Medium | Core Services | 6/19/2018 |
| CVE-2018-12011 | Medium | Qualcomm IPC | 6/27/2018 |
| CVE-2018-12014 | High | Data Network Stack & Connectivity | Internal |
| CVE-2018-13889 | High | GPS AP-Linux | Internal |
| CVE-2018-13893 | Medium | Core Services | 7/24/2018 |

CVE-2018-12006

CVE ID: CVE-2018-12006
Title: Information Exposure in Display
Description: Users with no extra privileges can potentially access leaked data due to uninitialized padding present in a display function.
Technology Area: Display
Vulnerability Type: CWE-200 Information Exposure
Access Vector: Local
Security Rating: Medium
Date Reported: 5/16/2018
Customer Notified Date: 10/1/2018
Patch

CVE-2018-11962

CVE ID: CVE-2018-11962
Title: Use After Free in Audio
Description: Heap-use-after-free issue while loading audio effects config in audio effects factory.
Technology Area: Audio
Vulnerability Type: CWE-416 Use After Free
Access Vector: Local
Security Rating: High
Date Reported: Internal
Customer Notified Date: 10/1/2018
Patch

CVE-2018-12010

CVE ID: CVE-2018-12010
Title: Stack-based Overflow in Core
Description: Absence of a length sanity check may lead to a possible stack overflow, resulting in memory corruption in the TrustZone region.
Technology Area: Core Services
Vulnerability Type: CWE-121 Stack-based Buffer Overflow
Access Vector: Local
Security Rating: Medium
Date Reported: 6/19/2018
Customer Notified Date: 10/1/2018
Patch

CVE-2018-12011

CVE ID: CVE-2018-12011
Title: Information Exposure in Core
Description: Uninitialized data for socket address leads to information exposure.
Technology Area: Qualcomm IPC
Vulnerability Type: CWE-200 Information Exposure
Access Vector: Local
Security Rating: Medium
Date Reported: 6/27/2018
Customer Notified Date: 10/1/2018
Patch

CVE-2018-12014

CVE ID: CVE-2018-12014
Title: Use After Free in HLOS Data
Description: A dangling pointer can be dereferenced in HLOS Data.
Technology Area: Data Network Stack & Connectivity
Vulnerability Type: CWE-416 Use After Free
Access Vector: Local
Security Rating: High
Date Reported: Internal
Customer Notified Date: 10/1/2018
Patch

CVE-2018-13889

CVE ID: CVE-2018-13889
Title: Use After Free in GPS
Description: Heap memory was accessed after it was freed.
Technology Area: GPS AP-Linux
Vulnerability Type: CWE-416 Use After Free
Access Vector: Local
Security Rating: High
Date Reported: Internal
Customer Notified Date: 10/1/2018
Patch

CVE-2018-13893

CVE ID: CVE-2018-13893
Title: Untrusted Pointer Dereference in DIAG Services
Description: Out-of-bounds mask range access caused by using a possibly old value of the msg mask table count while copying masks to userspace.
Technology Area: Core Services
Vulnerability Type: CWE-822 Untrusted Pointer Dereference
Access Vector: Local
Security Rating: Medium
Date Reported: 7/24/2018
Customer Notified Date: 10/1/2018
Patch

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms

  • Differences in assessment of some specific scenarios that involve local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

| Version | Date | Comments |
|---|---|---|
| 1.0 | January 7, 2019 | Bulletin Published |